| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123047-CVE-2022-50859-6991@gregkh>
Date: Tue, 30 Dec 2025 13:19:55 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50859: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list")
extend the dialects from 3 to 4, but forget to decrease the extended
length when specific the dialect, then the message length is larger
than expected.
This maybe leak some info through network because not initialize the
message body.
After apply this patch, the VALIDATE_NEGOTIATE_INFO message length is
reduced from 28 bytes to 26 bytes.
The Linux kernel CVE team has assigned CVE-2022-50859 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.0 with commit d5c7076b772ad7dcdb92303397b36aee8fa0d25d and fixed in 5.4.220 with commit d0050ec3ebbcb3451df9a65b8460be9b9e02e80c
Issue introduced in 5.0 with commit d5c7076b772ad7dcdb92303397b36aee8fa0d25d and fixed in 5.10.150 with commit 9312e04b6c6bc46354ecd0cc82052a2b3df0b529
Issue introduced in 5.0 with commit d5c7076b772ad7dcdb92303397b36aee8fa0d25d and fixed in 5.15.75 with commit 60480291c1fcafad8425d93f771b5bcc2bd398b4
Issue introduced in 5.0 with commit d5c7076b772ad7dcdb92303397b36aee8fa0d25d and fixed in 5.19.17 with commit 943eb0ede74ecd609fdfd3f0b83e0d237613e526
Issue introduced in 5.0 with commit d5c7076b772ad7dcdb92303397b36aee8fa0d25d and fixed in 6.0.3 with commit fada9b8c95c77bb46b89e18117405bc90fce9f74
Issue introduced in 5.0 with commit d5c7076b772ad7dcdb92303397b36aee8fa0d25d and fixed in 6.1 with commit e98ecc6e94f4e6d21c06660b0f336df02836694f
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-50859
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/cifs/smb2pdu.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/d0050ec3ebbcb3451df9a65b8460be9b9e02e80c
https://git.kernel.org/stable/c/9312e04b6c6bc46354ecd0cc82052a2b3df0b529
https://git.kernel.org/stable/c/60480291c1fcafad8425d93f771b5bcc2bd398b4
https://git.kernel.org/stable/c/943eb0ede74ecd609fdfd3f0b83e0d237613e526
https://git.kernel.org/stable/c/fada9b8c95c77bb46b89e18117405bc90fce9f74
https://git.kernel.org/stable/c/e98ecc6e94f4e6d21c06660b0f336df02836694f
Powered by blists - more mailing lists